Friday, February 20, 2015

Cyber Alert: Lenovo PCs Vulnerable to HTTPS 'Spoofing'

The
National Cyber Awareness System (US-CERT) has just issued a warning about
a critical vulnerability in Lenovo consumer personal computers.

US-CERT
issued the alert on Friday morning (Feb. 20, 2015), saying the Lenovo
PCs using pre-installed Superfish Visual Discovery software have been
found to contain a “critical vulnerability through a compromised
root CA certificate.”

Exploitation
of this vulnerability could allow a remote attacker to read all
encrypted web browser traffic (HTTPS), successfully impersonate
(spoof) any website, or “perform other attacks on the affected
system,” the government warned.